Privacy Policy
Version 1.0 — Effective March 2026
1. Introduction
This Privacy Policy explains how RapidoLinks ("we", "us") collects, uses, and protects your personal data when you use our platform. We are committed to protecting your privacy and handling your data transparently.
2. Data We Collect
| Category | Data | Purpose |
|---|
| Account | Name, email, avatar URL | Authentication, profile display |
| OAuth | Provider ID (Google/GitHub) | Login authentication |
| Analytics | Click events, device type, country, referrer | Redirect analytics for app owners |
| Attribution | IP address (hashed), install matching | Campaign attribution, one-time use |
| Technical | IP address, user agent, timestamps | Security, abuse prevention, legal compliance |
3. How We Use Your Data
- Provide the Service — authenticate you, process redirects, display analytics
- Service communications — send transactional emails (invitations, billing, certificate alerts)
- Security — detect abuse, enforce rate limits, prevent fraud
- Improvement — aggregate, anonymized analytics to improve the platform
We do not sell your personal data. We do not use your data for advertising.
4. Data Storage and Retention
- Account data — retained while your account is active, deleted 30 days after account closure
- Raw analytics — retained for 3 months
- Aggregated analytics — weekly summaries for 3 years, monthly for 10 years, yearly indefinitely
- Attribution data — IP-based matches are one-time use and not stored after matching
- Legal consent records — retained for the duration required by applicable law
5. Data Sharing
We share data only in these circumstances:
- Organization members — team members in your organization can see app analytics
- Infrastructure providers — hosting, email delivery, and payment processing (data processing agreements in place)
- Legal requirements — when required by law, court order, or to protect our rights
6. Cookies and Sessions
We use essential cookies only:
- Session cookie — authenticates your login session (HttpOnly, Secure)
- OAuth state cookie — prevents CSRF during login (temporary, HttpOnly)
We do not use tracking cookies, advertising cookies, or third-party analytics on the dashboard.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access your personal data
- Correct inaccurate data
- Delete your account and associated data
- Export your data in a portable format
- Object to or restrict certain processing
To exercise these rights, contact [email protected].
8. Security
We implement industry-standard security measures including:
- TLS encryption for all data in transit
- Encrypted database connections
- HttpOnly, Secure session cookies
- Rate limiting and abuse detection
9. Children's Privacy
The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email. Continued use of the Service after changes constitutes acceptance.
11. Contact
For privacy-related questions or requests, contact us at [email protected].